예제 #1
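def change_password():
    """Change password

    **Change user password using json params.**
    ---
    tags:
      - Core
    parameters:
      - in: body
        name: body
        required: true
        schema:
          id: change_password_form
          required:
            - old_password
            - password
            - confirm_password
          properties:
            old_password:
              type: string
            password:
              type: string
            confirm_password:
              type: string
    responses:
      200:
        description: Change with success
        schema:
          id: generic_success
          properties:
            message:
              type: string
      400:
        description: Invalid json informations
        schema:
          $ref: "#/definitions/generic_error"
      401:
        description: Invalid credentials
        schema:
          $ref: "#/definitions/generic_error"
    """
    # The YAML after '---' in the docstring looks like an API spec that a
    # documentation generator reads at runtime (presumably Flasgger-style --
    # confirm), so it is kept verbatim.
    #
    # NOTE(review): this view trusts `current_user`; the route/login-required
    # decorators are not visible here -- confirm unauthenticated callers are
    # rejected before this body runs.

    # A missing, malformed or non-object JSON body is answered with the
    # documented 400 instead of failing on `None.get(...)`.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return abort(400)

    required_fields = ('old_password', 'password', 'confirm_password')
    text_type = type(u'')  # `str` on Python 3, `unicode` on Python 2
    values = [payload.get(field) for field in required_fields]
    # The schema declares every field as a string; reject numbers, lists and
    # objects here so they never reach the password comparison/hashing code.
    if not all(isinstance(value, text_type) and value for value in values):
        return abort(400)
    old_password, password, confirm_password = values

    try:
        user = User.by_login(current_user.username)
        user.change_password(old_password=old_password, password=password, confirm_password=confirm_password)
        # NOTE(review): whether other active sessions/tokens of this user are
        # invalidated after the change cannot be seen from here -- verify in
        # User.change_password.
        return jsonify({'message': 'success'}), 200

    except (InvalidPassword, PasswordMismatch):
        return abort(400)

    except InvalidCredentials:
        return abort(401)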
예제 #2
파일: main.py 프로젝트: jpscaletti/authcode
    if g.user:
        return redirect(url_for('profile'))

    form = RegisterForm(request.form)
    if request.method == 'POST' and form.is_valid():
        user = form.save()
        user.add_role('user')
        db.commit()  # commit BEFORE doing auth.login!
        auth.login(user)
        return redirect(url_for('profile'))

    return render_template('index.html', **locals())


@app.route('/user/')
@auth.protected()
def profile():
    """Render the profile page.

    Access control is delegated to the ``auth.protected()`` decorator
    (presumably it rejects anonymous visitors -- confirm against the auth
    library in use).
    """
    # The original forwarded **locals(), which is empty in this function, so
    # the template receives exactly the same (empty) explicit context.
    return render_template('profile.html')


if __name__ == '__main__':
    # Demo-only bootstrap, executed when the file is run as a script.
    # `db.create_all()` presumably creates the schema -- confirm against the
    # db layer in use.
    db.create_all()
    # Seed an account with the login 'example' when the lookup finds none.
    # NOTE(review): the password literal appears masked in this listing; a
    # seeded account with a published password must never exist outside a
    # throwaway demo database.
    if not User.by_login(u'example'):
        db.add(User(login=u'example', password='******'))
        db.commit()
    # End of demo-only seeding.

    # The listening port comes from the PORT environment variable (default 5000).
    port = int(os.getenv("PORT", 5000))
    # NOTE(review): host='0.0.0.0' listens on every network interface, and
    # `app.run` looks like the framework's built-in development server
    # (confirm). Use 127.0.0.1 for local runs and a production WSGI server
    # behind TLS for anything reachable from a network.
    app.run(host='0.0.0.0', port=port)
예제 #3
def test_get_inexistent_user():
    """Looking up a login that is not stored must raise UserNotFound."""
    unknown_login = 'Luke_Skywalker'
    expect_not_found = pytest.raises(UserNotFound)
    with expect_not_found:
        User.by_login(unknown_login)
예제 #4
def test_get_user_with_email(user):
    """User.by_login given an e-mail address returns the stored user."""
    # NOTE(review): the address literal looks masked by the listing this
    # snippet came from; it presumably has to match the `user` fixture.
    expected_repr = "<User[1] username='Darth_Vader'>"
    found = User.by_login('*****@*****.**')
    assert str(found) == expected_repr
예제 #5
def test_get_user_with_username(user):
    """User.by_login given a username returns the user with the stored e-mail."""
    # NOTE(review): the expected address looks masked by the listing this
    # snippet came from; it presumably has to match the `user` fixture.
    expected_email = '*****@*****.**'
    found = User.by_login('Darth_Vader')
    assert found.email == expected_email
예제 #6
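def login():
    """Login

    **Authenticate user using json params.**
    ---
    tags:
      - Core
    parameters:
      - in: body
        name: body
        required: true
        schema:
          id: login_form
          required:
            - username
            - password
          properties:
            username:
              type: string
            password:
              type: string
            remember:
              type: boolean
    responses:
      200:
        description: Login with success
        schema:
          id: generic_success
          properties:
            message:
              type: string
      400:
        description: Invalid json informations
        schema:
          id: generic_error
          properties:
            error_code:
              type: string
      401:
        description: Invalid credentials
        schema:
          $ref: "#/definitions/generic_error"
      404:
        description: User not found
        schema:
          $ref: "#/definitions/generic_error"
    """
    # The YAML after '---' in the docstring looks like an API spec that a
    # documentation generator reads at runtime (presumably Flasgger-style --
    # confirm), so it is kept verbatim.

    # A missing, malformed or non-object JSON body is answered with the
    # documented 400 instead of failing on `None.get(...)`.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return abort(400)

    text_type = type(u'')  # `str` on Python 3, `unicode` on Python 2
    username = payload.get('username')
    password = payload.get('password')
    # The schema declares both fields as strings; reject numbers, lists and
    # objects here so they never reach the user lookup or the hash check.
    for value in (username, password):
        if not (isinstance(value, text_type) and value):
            return abort(400)

    # Only a JSON `true` enables the persistent session; a truthy string
    # such as "false" no longer does.
    remember = payload.get('remember') is True

    try:
        user = User.by_login(username)
        if user.validate_password(password):
            login_user(user, remember)
            return jsonify({'message': 'success'}), 200
        else:
            return abort(401)

    except UserNotFound:
        # NOTE(review): answering 404 here and 401 for a wrong password lets
        # a caller tell whether a username exists (account enumeration). The
        # documented contract is kept; consider a uniform 401 for both cases.
        # No attempt throttling or lockout is visible in this view -- confirm
        # it is enforced elsewhere.
        return abort(404)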